Recently, the popularity of this type of fraud as “vishing” is growing. Its essence is that contact with the victim occurs by means of telephone calls. Most often, the fraudster may identify himself as an employee of the bank and ask for confidential information. Sometimes fraudsters use a combination of different methods in an attempt to interest a potential victim or to gain trust.
The meaning of the word “vishing” comes from a combination of the words “voice” and “phishing”. However, usually, this type of attack begins with SMS. There is also a subspecies of scam – “smishing”, which should not be confused with vishing.
Phishing, Vishing, and Smishing: Difference
The concept of “phishing” first appeared in 1990 and described the activities of fraudsters who used the “bait” for potential victims on the Internet. In our time, this method is still used in social engineering as a way of manipulating people.
Over time, cybercrime has taken on a new level and frauds such as “smishing” and “vishing” have emerged as forms of phishing. In the first case, the fraudster sends text messages provoking the victim to follow the link or provide their personal data. The whole process takes place only in text form.
The attack using vishing is different. First, a text message is sent, which is a decoy and is only needed to make sure the number is active and possibly triggers a callback, then the attack occurs.
Most Common Types of Vishing
In order to get the phone numbers of potential victims, fraudsters resort to a variety of methods. Some find them on the darknet in huge databases that have been leaked. Sometimes even placing a phone number in the open access in social networks or job search sites, people become victims of fraud, because often the user himself indicates his name, city, and place of work. Alternatively, there is a method of sending SMS to random numbers and asking them to call the specified number or answer something, such as “1” to cancel the mailing.
Types of Voice Phishing Attacks:
- Bank call. The fraudster calls the victim, posing as a bank employee, and reports a problem with a credit card or account. To solve the problem they ask for confidential data of card or code from SMS.
- Report a big win, money transfer, or loan repayment assistance. The potential victim is informed that a large amount of money has been won, but in order to get the money, the transfer fee must be paid. They also mention that the offer is limited and ask to hurry, otherwise, the offer will end. If the victim has an open credit, the fraudster may offer a service of repayment of the loan for part of its full value.
- Social or Health insurance. Almost all of us use property insurance, whether housing or car insurance. Every time the insurance policy is coming to an end, the insurance company may call to extend the policy about a month before the end of the term. This method is used by intruders. They can call and introduce themselves as employees of the insurance company and offer to renew a policy, asking for the necessary confidential data. Sometimes even they can give out a fake policy that looks real, but in fact, it will be invalid.
- Technical support service paying. This happens when the so-called “master” offers its services to “eliminate the malfunction of the device”, warns about the potential risk of a fault, or offers scheduled maintenance. As a result, he asks to pay for his service of the solution to a problem that often did not exist. Alternatively, fake support can try to ask you about your personal details, or convince to install certain software. Most often, these software features rogue apps or trojans.
How to Avoid Vishing Attacks
The most important thing is to know the basic features of vishing attacks. Any call from an unknown number should be treated as suspicious. It is important to remember that bank employees never ask you for passwords and other confidential information.
If you got a call from “bank employees” from an unknown number, don’t hurry to answer all the questions. Call the hotline of your bank and as if the issues you heard about are real. If someone calls and says that your relative was in a car accident, hang up and call this relative. Stay cool, do not give in to emotions. Also do not fall for too tempting suggestions.
Once you have already become the victim of a scam and have given your data, depending on what data you have reported, take action. If this is bank card data – call the bank, explain the situation and block the card and all recent transactions. In the case when you have transferred money, ask to cancel the transfer, if possible.
The ultimate method of countering any form of phishing on a computer is with anti-malware software. Loaris Trojan Remover is an excellent choice when you need to remove a threat and get rid of its consequences. Why not try it?
As you understand smishing, Vishing calls, and phishing are types of social engineering attacks, their purpose is to steal personal information and confidential data.
IMPORTANT NOTE: Trojan Remover will EASILY work alongside your main antivirus solution without interfering with it and complementing your computer’s security.